Merge pull request #721 from mozilla/jeffbryner-finding-1

rename details.service to details.finding
mozilla · Jul 11, 2018 · 5f6c75d · 5f6c75d
2 parents 1bbb456 + 2fe84fa
commit 5f6c75d
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/mq/plugins/guardDuty.py b/mq/plugins/guardDuty.py
@@ -21,8 +21,8 @@ def __init__(self):
         # AWS guard duty sends dates as iso_8601 which ES doesn't appreciate
         # here's a list of date fields we'll convert to isoformat
         self.date_keys = [
-            'details.service.eventLastSeen',
-            'details.service.eventFirstSeen',
+            'details.finding.eventLastSeen',
+            'details.finding.eventFirstSeen',
             'details.resource.instanceDetails.launchTime',
             'details.createdAt',
             'details.updatedAt'
@@ -32,8 +32,8 @@ def __init__(self):
         # Lets pick out some likely targets and format them
         # so other mozdef plugins can rely on their location
         self.ipaddress_keys =[
-            'details.service.action.networkConnectionAction.remoteIpDetails.ipAddressV4',
-            'details.service.action.awsApiCallAction.remoteIpDetails.ipAdrressV4'
+            'details.finding.action.networkConnectionAction.remoteIpDetails.ipAddressV4',
+            'details.finding.action.awsApiCallAction.remoteIpDetails.ipAdrressV4'
         ]
 
     def convert_key_date_format(self, needle, haystack):